Apparatus and method for securely managing the accessibility to content and applications

ABSTRACT

A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No.14/962,481, filed on Dec. 8, 2015, which is a Continuation of U.S.patent application Ser. No. 14/065,010, filed Oct. 28, 2013. Allsections of the aforementioned applications are incorporated herein byreference in their entirety.

FIELD OF THE DISCLOSURE

The subject disclosure relates to an apparatus and method for securelymanaging the accessibility to content and applications.

BACKGROUND

Electronic devices are being utilized with more frequency to conductvarious types of transactions and exchanges of information. Content andapplications are available from a wide variety of sources that may ormay not be known to the users. The content and applications can includeprivate information or other data that a user and/or a source may desireto maintain as confidential and secure.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made to the accompanying drawings, which are notnecessarily drawn to scale, and wherein:

FIG. 1 depicts an illustrative embodiment of a system that enables useof a secure element and a secure device processor as part of a secureservices platform for a communication device which provides security forcontent and application downloads, storage and consumption;

FIG. 2 depicts an illustrative embodiment of a system including thecommunication device of FIG. 1 implementing authentication andmanagement functions;

FIGS. 3A-3C depict an illustrative embodiment of a system that can beused for securely managing content and applications including downloads,storage and consumption;

FIGS. 4A-4C depict an illustrative embodiment of a system that can beused for used for provisioning devices that are engaged in securelymanaging content and applications;

FIGS. 5A-5C depict an illustrative embodiment of a system that can beused for configuring devices that are engaged in securely managingcontent and applications;

FIGS. 6A-6C depict an illustrative embodiment of a system that can beused for selection of securely managed content and applications;

FIGS. 7A-7C depict an illustrative embodiment of a system that can beused for consumption of securely managed content and applications;

FIGS. 8A-8C depict an illustrative embodiment of a system that can beused for distributing information associated with the consumption ofsecurely managed content and applications;

FIG. 9 depicts an illustrative embodiment of a method used in portionsof the systems described in FIGS. 1-8C;

FIG. 10 depicts an illustrative embodiment of a communication systemthat provides media services including secure management of content andapplications;

FIG. 11 depicts an illustrative embodiment of a communication devicethat can download, store and consume securely managed content andapplications; and

FIG. 12 is a diagrammatic representation of a machine in the form of acomputer system within which a set of instructions, when executed, maycause the machine to perform any one or more of the methods describedherein.

DETAILED DESCRIPTION

The subject disclosure describes, among other things, illustrativeembodiments for securely browsing, downloading, storing, and renderingcontent and/or applications for consumption or execution within a device(e.g., a smartphone, a desktop computer, a set top box, a tablet, and soforth), such as by using a secure element (e.g., a universal integratedcircuit card (UICC)) and a Secure Device Processor (SDP) as a securedownload platform. The UICC can be a highly secure computing platformfor storing secrets such as encryption keys and authenticationcredentials. It can be capable of hosting and executing highly secureapplets. The SDP can be a processor that is logically and/or physicallyseparate from a device processor and can offer more hardened securitythan the device processor, but not as much security as the UICC.Examples of an SDP can include a Trusted Execution Environment (TEE) andan embedded Secure Element (eSE). Together, the UICC and SDP can providea secure means of browsing, downloading, storing, and/or rendering forconsumption secure content and/or applications in one or more of theexemplary embodiments. The exemplary embodiments describe accessibilityto content and/or applications which can include all types ofaccessibility, such as browsing, downloading, immediate consumption,later consumption (e.g., from local storage) and so forth.

In one or more embodiments, the secure element (e.g., the UICC) cancontain a secure download management function for storing information,such as credentials and permissions, used to access, download, store,and render content and/or applications. Content and/or application datacan be downloaded from a secure download application function (e.g.,operating on a server which is illustrated as AS in the FIGs.). A securedownload engine within the SDP can interacts between the user, thesecure download application function, and the secure download managementfunction of the secure element to download and render content and/orapplication data for consumption, such as based on a set of credentialsand permissions stored within the secure download application functionand locally within the secure download management function.

In one or more embodiments, these credentials and permissions caninclude one or more of user identification, device identification,security levels indicating what rights the user has to the contentand/or application, digital rights management data, validity times,decryption keys (e.g., for content playback and/or applicationexecution), counters, access codes, and so forth. This information canbe categorized or otherwise defined as either being secret or non-secretinformation. In one embodiment, secret credentials and permissions arenot transmitted from the secure download management function andoperations involving them take place entirely within the secure downloadmanagement function. In one embodiment, non-secret credentials andpermissions can be passed to the secure download engine of the SDPand/or to other devices, such as the secure download applicationfunction.

In one or more embodiments, both the UICC and SDP are utilized togetherto provide a platform for the secure delivery, management, andconsumption of content and/or applications. In one or more embodiments,the SDP can be used to interact with the user, the UICC, and the securedownload application function. In one or more embodiments, the SDP canbe used to verify file-based credentials and permissions stored in thecontent and/or applications, and user-based credentials and permissionsstored in the UICC for the delivery and consumption of content and/orapplications. In one or more embodiments, the SDP can be used to updatethe secure download application function and the UICC regarding thestatus of content and/or applications, including whether they have beenpresented, executed, and so forth. In one or more embodiments, the UICCcan be used to store user credentials and permissions. In one or moreembodiments, secure remote management of the UICC and SDP applicationscan be performed. In one or more embodiments, secure remote managementof the UICC to update credentials and permissions can be performedutilizing update information. In one or more embodiments, multipleverifications such as by the UICC and the SDP can be utilized forbrowsing, consuming or both with respect to content and/or applications.

Other embodiments are included in the subject disclosure.

One embodiment of the subject disclosure includes a communication devicehaving a secure element with a secure element memory including firstexecutable instructions. The secure element, responsive to executing thefirst executable instructions, can perform first operations includingreceiving secret information and non-secret information from a securedownload application function, where the secure download applicationfunction is remote from the communication device. The secure element canstore the secret information and the non-secret information in thesecure element memory. The communication device can also have a securedevice processor having a secure device processor memory with secondexecutable instructions. The secure device processor can be separatefrom the secure element and in communication with the secure element.The secure device processor, responsive to executing the secondexecutable instructions, can perform second operations includingproviding a request for a first verification to the secure element,where the first verification is associated with access to content thatis accessible via the secure download application function. The securedevice processor can receive the first verification which is generatedby the secure element based on the secret information without providingthe secret information to the secure device processor, and can receivethe non-secret information from the secure element. The secure deviceprocessor can generate a second verification for the access based on thenon-secret information, where the content is received from the securedownload application function responsive to the first and secondverifications.

One embodiment of the subject disclosure is a method includingreceiving, by a secure element of a communication device, secretinformation and non-secret information from a secure downloadapplication function that is remote from the communication device. Themethod can include storing the secret information in a secure elementmemory of the secure element. The method can include providing, by asecure device processor of the communication device, a request for afirst verification to the secure element, wherein the secure deviceprocessor is separate from the secure element and is in communicationwith the secure element, and wherein the first verification isassociated with access to an application that is accessible via thesecure download application function. The method can include receiving,by the secure device processor, the first verification which isgenerated by the secure element based on the secret information withoutproviding the secret information to the secure device processor. Themethod can include receiving, by the secure device processor, thenon-secret information from the secure element. The method can includegenerating a second verification for the access based on the non-secretinformation, where the application is accessible by the communicationdevice from the secure download application function responsive to thefirst and second verifications.

One embodiment of the subject disclosure is a method includingproviding, by a secure download application function via a remotemanagement server, secret information and non-secret information to asecure element of a communication device, wherein the secure downloadapplication function and the remote management server are remote fromthe communication device, and wherein the secret information isconfigured for storage at the secure element without permitting accessto the secret information by a secure device processor of thecommunication device. The method can include receiving, at the securedownload application function, an access request from the secure deviceprocessor for at least one of content or an application, wherein theaccess request is generated at the communication device according to afirst verification by the secure element based on the secret informationand according to a second verification by the secure device processorbased on the non-secret information. The method can include providing,over a download path by the secure download application function, the atleast one of the content or the application to the communication deviceresponsive to the access request, wherein the download path does notinclude the remote management server.

In accordance with an embodiment of the disclosure, FIG. 1 depicts asystem 100 that includes a communication device 102 connected to orotherwise in communication with a network 122 and provided with a secureservices platform 110 enabling authentication of other communicationdevices and encrypted communication with those devices. It will beappreciated that the communication device 102 may be any device,including a user device, which has a secure element and a secure deviceprocessor. The term “user,” in this example, refers to a human user ofthe communication device. However, in other embodiments, the user can bea machine that exchanges data with the communication device 102 afterbeing authenticated to the communication device. Communication device102 can include a device processor 104, a SDP 106 and a secure element108. In this embodiment, secure element 108 can be a UICC. The UICC canbe a secure computing platform and can offer a high level of securityfor storing encryption keys, authentication credentials, and the like.The UICC may be removable from the device. In other embodiments, theUICC may be embedded in the device and not removable. In otherembodiments, the secure element 108 can be placed on a memory card or anembedded chip. The SDP 106 can be logically and/or physically separatefrom the device processor 104, and can be connected to both the deviceprocessor and the UICC 108. In this embodiment, the SDP 106 can offer ahigher level of security than the device processor 104, and can storeand execute secure applications. The SDP 106 can, for example, runapplications in a trusted execution environment. The secure element 108and SDP 106 together can form a secure services platform 110 resident onthe device 102. In this embodiment, secure element 108, SDP 106 anddevice processor 104 can each have a security level associatedtherewith, and the security level associated with the SDP 106 can beintermediate between that of the secure element 108 and that of thedevice processor 104. The SDP and secure element 108 can use mutualauthentication, as described in more detail below.

The secure element 108 and SDP 106 can communicate with a management(function) server 120, located remotely from device 102. The remotemanagement server 120 can be a platform for provisioning and/or managingapplications in the secure element 108 and SDP 106. The remotemanagement server 120 can also manage data (such as keys, credentials,and so forth) that are used by the applications. Examples of remotemanagement servers are described in U.S. patent application Ser. No.13/679,479 filed on Nov. 16, 2012 and U.S. patent application Ser. No.13/680,680 filed on Nov. 19, 2012, the disclosures of both of which arehereby incorporated by reference.

In this embodiment, user device 102 can be a wireless communicationdevice connected to a cellular network 122. Network 122 can also beother types of networks operating according to various communicationprotocols, such as a WiFi network. In other embodiments, device 102 canbe connected to other devices via a wired connection through a computer.In still other embodiments, user devices can communicate with each otherusing Bluetooth, infrared communications (IRDa) and/or near fieldcommunications (NFC). A communication session between user devices,wherein information is transferred between the users, can be effected bya wide variety of arrangements. A secure application server (SAS) can beused in some embodiments to establish a secure communication sessionbetween devices. However, a secure application server may not be used inembodiments where the communication session is established in apeer-to-peer manner, such as in Bluetooth, IRDa or NFC.

System 100 enables content and/or applications to be securely browsed,downloaded, stored, and rendered for consumption within the device 102,such as a smartphone by using the secure element 108 (which may existwithin the UICC or in another configuration) and the SDP 106 as a secureplatform. The secure element 108 can be a highly secure computingplatform for storing secrets, such as encryption keys and authenticationcredentials. In one or more embodiments, the secure element 108 can hostand execute highly secure applets. The device processor 104 cansometimes be relatively unsecure but has the capability of storing andexecuting very large and processor intensive applications. Examples ofthe SDP 106 can include a Trusted Execution Environment (TEE) andembedded Secure Element (eSE). Together, the secure element 108 and SDP106 can provide a secure means of downloading, storing, and consumingcontent and applications.

In one or more embodiments, system 100 enables loading secure downloadapplications to end user devices; loading initial credentials andpermissions to the end user devices; providing user access to browsecontent and/or applications; managing user requests and consumption ofcontent and/or applications; managing post-consumption notifications;and/or updating credentials and permissions. In one or more embodiments,system 100 provides: a secure download management function that may belocated in the UICC; a secure download engine which may be located inthe SDP; a master set of credentials and permissions which can be storedin the secure download application function and a subset of which can bestored in the secure download management function of the UICC; a remotemanagement system which can remotely manage the secure downloadmanagement function and the secure download engine and which canremotely load credentials and permissions into the secure downloadmanagement function; and/or linkage (e.g., registration to andassociation) with an authentication function. In one or moreembodiments, access requests for content and/or applications can begenerated at an end user device, a network element, and/or anotherdevice.

FIG. 2 is a schematic illustration 200 showing details of a secureservices platform 110, according to an embodiment of the disclosure,which can be used with the communication device 102 of FIG. 1. Thesecure element 108 (in this embodiment, a UICC) can contain anauthentication management function 202 and a real-time encryption keygenerator 204. The authentication management function 202 can provideauthentication services for the device. For example, the authenticationmanagement function 202 can support mutual authentication of devices,support a mutual authentication of the device, such as with the remotemanagement server 120 of FIG. 1. As shown in FIG. 2, the authenticationmanagement function 202 can include a user authentication service 212for authenticating the user to the device and a network authenticationservice 214 for authenticating the device to network equipment. Thereal-time encryption key generator 204 can supply encryption keys to areal-time encryption engine 206 which is located in the SDP 106. Thereal-time encryption engine 206 can encrypt and decrypt user informationtransmitted to or from a bearer path 216 that terminates at anotherdevice (e.g., another user device), and may encrypt and decryptinformation transmitted on a signaling path 218 to the network. Inanother embodiment, the encryption engine can be loaded on a secondsecure element, separate from the secure element 108.

The remote management server 120 can perform a remote provisioning andmanagement function 210 to load applications and/or content into thesecure element (e.g., UICC) 108 and SDP 106. In this embodiment, theremote management server 120 can provision the authentication managementfunction 202 and real-time encryption key generator 204 on the UICC 108,and can provision the real-time encryption engine 206 on the SDP 106.This can be done securely by the use of one or more remote managementkeysets. In one embodiment, before the secure services platform 110 canbe used for communication, the SDP 106 can be authenticated by the UICC108. In one embodiment, this can be done using a UICC-SDP keyset. TheUICC-SDP keyset may be provisioned remotely by the remote managementserver 120 or locally by an authorized user. In this embodiment, afterthe UICC 108 and SDP 106 are mutually authenticated using the UICC-SDPkeyset, they can communicate via a signaling path 208 within the secureservices platform 110. The UICC-SDP keyset may be used for securecommunication during initial loading and provisioning. However, the keysbeing utilized may be different. In one embodiment, the path between theUICC 108 and the SDP 106 can go through the device processor 104 ratherthan directly between the UICC and the SDP.

In this embodiment of FIG. 2, the secure services platform 110 enablesreceiving secret information and non-secret information from a securedownload application function, where the secure download applicationfunction is remote from the communication device. The secret informationand/or the non-secret information can be stored in a secure elementmemory. The SDP 106 can provide a request for a first verification tothe secure element 108, where the first verification is associated withaccess to content and/or an application that is accessible via thesecure download application function. The SDP 106 can receive the firstverification which is generated by the secure element 108 based on thesecret information without providing the secret information to thesecure device processor. The SDP 106 can receive the non-secretinformation from the secure element 108. The SDP can generate a secondverification for the access based on the non-secret information. Thecontent and/or application can be received or otherwise accessed fromthe secure download application function responsive to the first andsecond verifications.

Referring to system 300 of FIGS. 3A-C, secure management of download,storage and/or consumption of content and/or applications is generallyillustrated. The secure element 108 can contain the secure downloadmanagement function which performs one or more of the following tasks:storing credentials and permissions; validating user, device, andnetwork requests based on secret credentials and permissions; andproviding non-secret credentials and permissions to the secure downloadengine.

In one or more embodiments, the SDP 106 can contain the secure downloadengine which performs one or more of the following tasks: processinguser, device, and network requests for content and/or applications;communicating with an authentication function to authenticate the user;communicating with the secure download application function 150 tobrowse and download content and/or applications; communicating with thesecure download management function for the verification of secretcredentials and permissions; communicating with the secure downloadmanagement function to obtain non-secret credentials and permissions;validating user and/network requests based non-secret credentials andpermissions; rendering or displaying content and/or applications to theuser based on information from the secure download management functionand file-based permissions (e.g., at the time of download and/or laterto stored content and/or applications); executing downloadedapplications based on information from the secure download managementfunction and file-based permissions; decrypting encrypted content and/orapplication data; updating the secure download management function andsecure download application function 150 as to the status of downloadedcontent and/or application data; and performing operations to storedcontent and/or application data based on instructions from either orboth of the secure download management function and the secure downloadapplication function 150. It should be further understood that theverification process described herein based on secret information and/ornon-secret information can be utilized at various times including duringan initial browsing and/or obtaining of the content and/or applicationsand then later when stored content and/or applications are to beconsumed.

In one or more embodiments, the secure download application function 150can perform one or more of the following tasks: maintaining userinformation, including the master set of credentials and permissions;processing requests from the user or network to download content and/orapplications; containing secure content and/or application data;verifying that the user has the proper credentials and permissionsbefore allowing access to browse and download content and/orapplications; downloading the content and/or application to the user'sdevice; downloading credentials and permissions to the secure downloadmanagement function through the remote management function (server); andreceiving content and/or application status updates from the securedownload engine.

In one or more embodiments, the remote management server 120 can createand load the secure download applications described above into both thesecure element 108 (e.g., UICC) and the SDP 106. It can also update thecredentials and permissions that are stored in the secure downloadmanagement function (e.g., responsive to consumption of thecontent/application or prior to the consumption). In one or moreembodiments, these operations can be done securely by the use of one ormore remote management keysets. For example, the keysets can be used tomutually authenticate the UICC 108 and SDP 106 with the remotemanagement server 120 and to enable encryption between them.

In one or more embodiments, the secure downloading of content and/orapplications can be initiated by the user, by the device, and/or by thenetwork. Credentials and permissions for access to content and/orapplications can be stored in the secure download application function150. These credentials and permissions may include one or more of useridentification, device identification, security levels indicating whatrights the user and/or device has to the content and/or application,validity times, decryption keys (e.g., for content playback and/orapplication execution), counters, access codes and so forth.

In one or more embodiments, the secure element 108 can exist within theUICC, can store a subset of the credentials and permissions of thesecure download application function 150 and/or can provide local policyfor the use of stored content and/or application data. Credentials andpermissions can be loaded into the secure element 108 from the networkusing a very high security process, such as based on Global Platform. Inone embodiment, this path can be separate and isolated from the path inwhich the content and/or applications are transported to the device. Inone embodiment, secret credentials and permissions never leave thesecure element 108, while non-secret credentials and permissions may beprovided to the SDP 106 and to the secure download application function150.

In one or more embodiments, two types of permissions, user/device-basedand file-based can be utilized User/device permissions can be stored inthe secure download application function 150 along with user/devicecredentials. A subset of these credentials and permissions can betransmitted to the secure element 108. File permissions can be storedwithin the files themselves. The authentication function can be used toverify the user with the secure element 108 and then to the securedownload application function 150. The SDP 106 can interact with theuser, secure element 108, and secure download application function 150to process user/device/network requests, forward those requests to thesecure download application function, and to download, store, andrender/execute content and applications to the user or device based oncredentials and permissions.

In one or more embodiments, the secure download application function 150can receive requests for content and/or applications directly from thenetwork. The secure download application function 150 can verify thecredentials and permissions stored within it to see if requested contentand/or applications can be downloaded to the user/device. The SDP 106can request that the secure element 108 verify secret credentials andpermissions and can verify on its own non-secret credentials andpermissions provided to it by the secure element 108. The SDP 106 candisplay content to the user and can perform actions on applicationsbased on the result of this verification. The SDP 106 can notify thesecure element 108 and secure download application function 150 of statechanges to stored content and/or application data (e.g., playback,execution of a downloaded executable file, and so forth). The secureelement 108 and/or the secure download application function 150 canprovide instructions to the SDP 106 for the content and/or applicationsbased on the notifications received. The secure download applicationfunction 150 can make changes to the credentials and permissions storedwithin the secure element 108. Credentials and permissions can betransmitted using a separate path (e.g., via the remote managementserver 120) from the download of content and/or applications (e.g.,bypassing the remote management server 120).

Referring FIGS. 4A-C, system 400 is depicted which illustrates loadingof secure download applications. In one embodiment, two applications canbe loaded to the end user device: the secure download managementfunction and the secure download engine. For example, if theapplications have not been loaded at the time of manufacture, then at 1a, upon receiving a request for the service, the secure downloadapplication function 150 can instruct the remote management server 120to download the secure download management function to the secureelement 108 (e.g., UICC) and the secure download engine to the SDP 106.

At 1 b, the remote management server 120 can download the securedownload management function to the UICC 108 and the secure downloadengine to the SDP 106. Remote management keysets can be used to securelytransmit information from the remote management server 120 to the enduser device. This process can involve mutual authentication andencryption. At 1 c, the UICC 108 and SDP 106 can mutually authenticatewith each other once the two are provisioned using the UICC-SDP Keyset.

Referring to FIGS. 5A-C, system 500 is depicted which illustratespersonalizing with initial credentials and permissions. In one or moreembodiments, an initial set of user credentials and permissions can beloaded into the secure download management function through the remotemanagement server 120.

At 2 a, an initial set of user credentials and permissions as well asinstructions can be transmitted from the secure download applicationfunction 150 to the remote management server 120. At 2 b, thecredentials and permissions can be downloaded to the secure downloadmanagement function using the remote management keyset. At 2 c, theremote management server 120 can instruct the secure download engine toregister and associate with the authentication processor function. Thesecure download engine can then register and associate with theauthentication processor function.

Referring FIGS. 6A-C, system 600 is depicted which illustrates enablinga user to browse groups of secure content and/or applications. In one ormore embodiments, to browse for content and/or applications, the usermust first be given access to the secure download application function150. At 3 a, the user can request access to browse content and/orapplications. The secure download engine can check to see if the userhas been authenticated. At 3 b, if the user has not been authenticated,the secure download engine can request the authentication processorfunction to authenticate the user. At 3 c, the authentication processorfunction can request credentials from the user based on the informationprovided to it when the secure download engine registered and associatedwith it. At 3 d, the authentication processor function can process thecredentials and can transmit them to the authentication managementfunction for user verification. The authentication management functioncan verify whether or not the user is authenticated. If the user isverified, the authentication management function can provide accesscredentials, such as a user ID, for the secure download applicationfunction 150 to the authentication processor function. At 3 e, theauthentication processor function can notify the secure download enginewhether or not the user is authenticated. If authenticated, it may alsoprovide access credentials for the secure download application function150. At 3 f, once authenticated, the secure download engine may checkfor local permissions by asking the secure download management functionto determine whether or not the user has permissions that allow accessto the secure download application function 150. The secure downloadmanagement function can respond. At 3 g, if the secure download enginereceives an affirmative response from the secure download managementfunction, or if it decided not to check the permissions locally, thesecure download engine can establish a channel with the secure downloadapplication function 150. The secure download application function 150can verify that the user has permission to access content and/orapplications. The user may now browse for content and/or applications.

Referring to FIGS. 7A-C, system 700 is depicted which illustratesenabling user requests and consumption of content and/or applications.In one or more embodiments, this process involves the user selection ofcontent and/or an application to be downloaded, the downloading andstorage of the content and/or application load file and data, and therendering for consumption of the content and/or the execution of theapplication. Content and/or applications may be downloaded andimmediately consumed (e.g. streamed) or executed, or they may be storedfor consumption/execution at a different time. In one or moreembodiments, the request for content and/or applications may also beinitiated by the device, another end user device and/or the network. At4 a, the user can request content and/or an application to be downloadedto the device. The request can indicate if the download is to beimmediately consumed or stored for later consumption. At 4 b, the securedownload engine can check for local permissions by asking the securedownload management function to determine whether or not the user haspermissions that allow for the delivery of the requested download fromthe secure download application function 150 based on the request. Thesecure download management function can respond. In one embodiment, thesecure download engine may require the user to authenticate to it suchas described above with respect to steps 3 b-3 e.

At 4 c, if the secure download engine receives an affirmative responsefrom the secure download management function, or if it decided not tocheck the permissions locally, the secure download engine can establisha channel with the secure download application function 150. The securedownload application function 150 can verify that the user haspermission to download the content and/or application based on therequest. The secure download application function 150 can download thecontent and/or application data to the secure download engine. At 4 d,the secure download engine can store the content and/or application datain secure download storage. In one embodiment, secure download storagecan be used both to buffer content and/or application data for immediateconsumption as well to store content and/or application data forconsumption at a later time. The content and/or application may beencrypted. At 4 e, the secure download application function 150 canupdate the credentials and permissions stored within the secure downloadmanagement function prior to the rendering of the content and/orexecution of the application data. The update can be transported fromthe secure download application function 150 through the remotemanagement server 120 to the UICC 108. The update may include decryptionkeys in addition to updated credentials and permissions.

At 4 f, the secure download engine can initiate rendering of the contentand/or the execution of the application load file stored in the securedownload storage. This may be initiated by the user or initiatedautomatically by the secure download engine. The secure download enginecan check for file-based permissions within the downloaded files and actupon them if necessary. In one embodiment, the secure download enginemay require the user to authenticate to it such as described above insteps 3 b-3 e. At 4 g, if the content and/or application data isencrypted the secure download engine can request a decryption key fromthe secure download management function. At 4 h, content and/orapplication data can be loaded from the secure download storage to thesecure download engine where it is decrypted if necessary, rendered, anddisplayed to the user for consumption. Applications can be loaded fromthe secure download storage to the secure download engine, decrypted ifnecessary, and executed. In one or more embodiments, the secure downloadengine may check for permissions from the secure download managementfunction before it renders the content and/or executes the application.

Referring to FIGS. 8A-C, system 800 is depicted which illustratesnotification procedures such as post-consumption notices. In one or moreembodiments, once the content and/or application data is consumed thesecure download engine may notify the secure download managementfunction and/or the secure download application function 150 as to thestatus of the content and/or application (i.e. if it has just beenconsumed). The secure download management function or the securedownload application function 150 may provide instructions to the securedownload engine based on the notification. Credentials and permissionsmay be updated as a result of the notification.

At 5 a, once the content and/or application is consumed, the securedownload engine can notify the secure download management function. Thesecure download management function may provide instructions to thesecure download engine regarding the content and/or applications. At 5b, the secure download engine can notify the secure download applicationfunction 150 which may also provide instructions to the secure downloadengine regarding the content and/or applications. In one embodiment,instructions from the secure download application function 150 can takepriority over those from the secure download management function. At 5c, the secure download engine can take action according to theinstructions it received. These instructions can include locking,deleting or otherwise rendering inaccessible the content and/orapplication data stored in secure download storage. At 5 d, the securedownload application function 150 can update the credentials andpermissions stored within the secure download management function afterthe rendering/execution of the content and/or applications. The updatecan be transported from the secure download application function 150through the remote management server 120 to the UICC 108.

In one or more embodiments, credentials and permissions can be updatedat various times. For example, at any time during the lifecycle of theservice, the secure download application function 150 may wish to updatethe credentials and permissions stored in the secure download managementfunction. This can be facilitated by the remote management server 120utilizing the technique described above with respect to steps 2 a and 2b for the initial personalization.

FIG. 9 depicts an illustrative embodiment of a method for securelymanaging content and/or applications including download, storage and/orconsumption by an end user communication device. Method 900 can begin at902 where secret information and non-secret information is received byan end user device, such as from a secure download application function150 that is remote from the communication device. The secret andnon-secret information can be received via remote management server 120at secure element 108 (e.g., a UICC). In one or more embodiments,keysets can be utilized for mutual authentication of the secure element108 and the secure device processor 106 with the remote managementserver 120. The secret and non-secret information can be various typesof information. For example, the secret information can include adecryption key (e.g., for content playback and/or application execution)and/or an authentication credential. As another example, the non-secretinformation can include a user identification, a device identification,digital rights management data, and/or a validity time period. In oneembodiment, whether the information is secret or non-secret can dependon a number of factors, such as a type of content and/or applicationbeing accessed, a subscriber service, quality of service requirements,and so forth. The secret information can be securely stored at a secureelement memory so that the secret information is not provided to, orotherwise accessible by, the secure device processor or a deviceprocessor of the end user device. In one embodiment, the non-secretinformation can also be stored at the secure element memory and can beselectively provided to the secure device processor, the deviceprocessor, and or other devices (e.g., the secure download applicationfunction 150).

At 904, an access request can be processed based on the secretinformation. The request can be for access to various types of content(e.g., images, video, audio, data, and so forth) and/or access tovarious types of applications, such as instructions that can be executedby or otherwise utilized by the end user device. The processing at 904can be in various forms, such as generating a verification that the enduser device and/or the user is permitted the desired access. Otherprocessing can also be provided, such as digital rights management andso forth. In one embodiment, the secure device processor 106 can requesta verification from the secure element that the access is valid. Inresponse to this request, the secure element 108 can analyze the secretinformation to make the determination, without providing the secretinformation to the secure device processor 106. This processing caninclude decrypting based on a secret decryption key, identifying andverifying access codes, and so forth. Continuing with the example, thesecure element can provide the secure device processor 106 with averification that the access request is valid. In one or moreembodiments, all of the secret information is limited to access by thesecure element 108 with the secure device processor 106 being preventedfrom accessing the secret information.

At 906, the secure device processor 106 can perform its own processingof the access request based on the non-secret information. For example,responsive to receiving the access request (e.g., via user input or viea request from a remote device), the secure device processor 106 canrequest the non-secret information be provided from the secure element108. The secure device processor 106 can then analyze the non-secretinformation to generate a verification of the access request. Forinstance, the non-secret information can include one or more of a useridentification, a device identification, digital rights management data,or a validity time period. The secure device processor 106 can determinethat the user is of appropriate age to watch content and/or executeapplications based on the user identification, can determine that thedevice has the capabilities of presenting the content and/orapplications based on the device identification, can determine that thecontent and/or applications is legally accessible based on the digitalrights management data and/or can determine that the content and/orapplications is still available from the source based on the validitytime period.

In one embodiment, the end user device can obtain access to browsingcontent and/or applications accessible via the secure downloadapplication function 150. For example, user credentials can be receivedat the secure device processor 106 along with user input requestingcontent and/or applications browsing access. The secure device processor106 can provide the user credentials to the secure element 108. Thesecure device processor 106 can receive browsing access credentials fromthe secure element 108 responsive to an authentication of the usercredentials by the secure element. In this example, a browsing channelcan be established between the end user device and the secure downloadapplication function 150 responsive to the browsing access credentials,where the browsing channel enables browsing a group of content and/or agroup of applications accessible via the secure download applicationfunction.

At 908, if the processing of the secret information by the secureelement 108 and the processing of the non-secret information by thesecure device processor 106 verifies that the access request is validthen the secure download application function 150 can provide the enduser device with access to the content and/or application. The accesscan be various types including, browsing, downloading, storage,consumption and so forth. In one embodiment, the end user device canestablish different communication paths for receiving thesecret/non-secret information and receiving the content/application. Forexample, the secure element 108 can receive the secret information andthe non-secret information from the secure download application function150 over a communication link that includes the remote management server120, while the download (or other access) of the content and/orapplication via the secure download application function is over acommunication link that does not include the remote management server120. In one embodiment, steps 904-908 can be performed multiple times,such as once to browse the content and/or applications, a second timefor downloading and storing the content and/or applications, and/or athird time for consuming the content and/or applications.

In one embodiment at 910, consumption information can be generated bythe end user device. For example, the end user device can monitor thepresentation, execution or change of state of the content and/orapplication and can generate consumption information based on themonitoring. In one embodiment, the consumption information can begenerated by the secure device processor 106 and provide to one or bothof the secure element 108 or the secure download application function150. Continuing with this example, access adjustment instructions can begenerated (by either or both of the secure element 108 and the securedownload application function 150) and provided to the secure deviceprocessor 106 for adjustment of the accessibility of the content and/orapplication at the end user device at 912. As an example, adjustmentinstructions can be received by the secure device processor 106 causingit to lock or delete all or a portion of the content and/or applicationdata (e.g., stored in a secure download storage of the secure deviceprocessor). Other adjustment instructions can also be received by thesecure device processor 106, such as instructions to archive or transmit(e.g., to another device) all or a portion of the content and/orapplication.

FIG. 10 depicts an illustrative embodiment of a communication system1000 for delivering media content and/or applications. The communicationsystem 1000 can represent an Internet Protocol Television (IPTV) mediasystem. Communication system 1000 can be overlaid or operably coupledwith systems 100, 200 of FIGS. 1 and 2 as another representativeembodiment of communication system 1000. In one or more embodiments,system 1000 enables providing, by a secure download application functionvia a remote management server, secret information and non-secretinformation to a secure element of a communication device. The securedownload application function and the remote management server can beremote from the communication device, and the secret information can beconfigured for storage at the secure element without permitting accessto the secret information by a secure device processor of thecommunication device. System 1000 also enables receiving, at the securedownload application function, an access request from the secure deviceprocessor for at least one of content and/or an application. The accessrequest can be generated at the communication device according to afirst verification by the secure element based on the secret informationand according to a second verification by the secure device processorbased on the non-secret information. System 1000 can provide, over adownload path by the secure download application function, the at leastone of the content and/or the application to the communication deviceresponsive to the access request. The download path may bypass theremote management server.

The IPTV media system can include a super head-end office (SHO) 1010with at least one super headend office server (SHS) 1011 which receivesmedia content and/or applications from satellite and/or terrestrialcommunication systems. In the present context, media content canrepresent, for example, audio content, moving image content such as 2Dor 3D videos, video games, virtual reality content, still image content,and combinations thereof. Applications can represent any software orinstructions that are executable by a machine or group of machines toperform operations tasks, or other functions. The SHS server 1011 canforward packets associated with the media content to one or more videohead-end servers (VHS) 1014 via a network of video head-end offices(VHO) 1012 according to a multicast communication protocol.

The VHS 1014 can distribute multimedia broadcast content and/orapplications via an access network 1018 to commercial and/or residentialbuildings 1002 housing a gateway 1004 (such as a residential orcommercial gateway). The access network 1018 can represent a group ofdigital subscriber line access multiplexers (DSLAMs) located in acentral office or a service area interface that provide broadbandservices over fiber optical links or copper twisted pairs 1019 tobuildings 1002. The gateway 1004 can use communication technology todistribute broadcast signals to media processors 1006 such as Set-TopBoxes (STBs) which in turn present broadcast channels to media devices1008 such as computers or television sets managed in some instances by amedia controller 1007 (such as an infrared or RF remote controller).

The gateway 1004, the media processors 1006, and media devices 1008 canutilize tethered communication technologies (such as coaxial, powerlineor phone line wiring) or can operate over a wireless access protocolsuch as Wireless Fidelity (WiFi), Bluetooth, Zigbee, or other present ornext generation local or personal area wireless network technologies. Byway of these interfaces, unicast communications can also be invokedbetween the media processors 1006 and subsystems of the IPTV mediasystem for services such as video-on-demand (VoD), browsing anelectronic programming guide (EPG), or other infrastructure services.

A satellite broadcast television system 1029 can be used in the mediasystem of FIG. 10. The satellite broadcast television system can beoverlaid, operably coupled with, or replace the IPTV system as anotherrepresentative embodiment of communication system 1000. In thisembodiment, signals transmitted by a satellite 1015 that include mediacontent and/or applications can be received by a satellite dish receiver1031 coupled to the building 1002. Modulated signals received by thesatellite dish receiver 1031 can be transferred to the media processors1006 for demodulating, decoding, encoding, and/or distributing broadcastchannels to the media devices 1008. The media processors 1006 can beequipped with a broadband port to an Internet Service Provider (ISP)network 1032 to enable interactive services such as VoD and EPG asdescribed above.

In yet another embodiment, an analog or digital cable broadcastdistribution system such as cable TV system 1033 can be overlaid,operably coupled with, or replace the IPTV system and/or the satelliteTV system as another representative embodiment of communication system1000. In this embodiment, the cable TV system 1033 can also provideInternet, telephony, and interactive media services.

The subject disclosure can apply to other present or next generationover-the-air and/or landline media content services system and/orapplications distribution system.

Some of the network elements of the IPTV media system can be coupled toone or more computing devices 1030, a portion of which can operate as aweb server for providing web portal services over the ISP network 1032to wireline media devices 1008 or wireless communication devices 1016.

Communication system 1000 can also provide for computing devices 1030 tofunction as a remote management server and/or a secure downloadapplication function (herein referred to as server 1030). The server1030 can use computing and communication technology to perform function1062, which can include among other things, maintaining userinformation, including the master set of credentials and permissions;processing requests from the user or network to download content and/orapplications; storing secure content and/or application data; verifyingthat the user has the proper credentials and permissions before allowingaccess to browse and download content and/or applications; downloadingthe content and/or application to the user's device; downloadingcredentials and permissions to the secure download management functionthrough the remote management server; and/or receiving content and/orapplication status updates from the secure download engine. The server1030 can use computing and communication technology to perform function1064, which can include among other things, creating and loading thesecure download applications into both the secure element (e.g., UICC)and the SDP; updating the credentials and permissions that are stored inthe secure download management function; and/or utilizing remotemanagement keysets to mutually authenticate the UICC and SDP with theremote management server and to enable encryption between them. Themedia processors 1006 and wireless communication devices 1016 can beprovisioned with software functions 1066, to utilize the services ofserver 1030. Functions 1066 can include functions being performed at thesecure element 108 including storing credentials and permissions;validating user, device, and/or network requests based on secretcredentials and permissions; and/or providing non-secret credentials andpermissions to the secure download engine. Functions 1066 can alsoinclude functions being performed at the secure device processor 106such as processing user, device, and network requests for content and/orapplications, communicating with the authentication function toauthenticate the user; communicating with the secure downloadapplication function to browse and download content and/or applications;communicating with the secure download management function for theverification of secret credentials and permissions; communicating withthe secure download management function to obtain non-secret credentialsand permissions; validating user and/or network requests basednon-secret credentials and permissions; rendering and displaying contentand/or applications to the user based on information from the securedownload management function and file-based permissions; executingdownloaded applications based on information from the secure downloadmanagement function and file-based permissions; decrypting encryptedcontent and/or application data; updating the secure download managementfunction and secure download application function as to the status ofdownloaded content and/or application data; and/or performing operationsto stored content and/or application data based on instructions fromeither or both of the secure download management function and the securedownload application function.

Multiple forms of media services can be offered to media devices overlandline technologies such as those described above. Additionally, mediaservices can be offered to media devices by way of a wireless accessbase station 1017 operating according to common wireless accessprotocols such as Global System for Mobile or GSM, Code DivisionMultiple Access or CDMA, Time Division Multiple Access or TDMA,Universal Mobile Telecommunications or UMTS, World interoperability forMicrowave or WiMAX, Software Defined Radio or SDR, Long Term Evolutionor LTE, and so on. Other present and next generation wide area wirelessaccess network technologies can be used in one or more embodiments ofthe subject disclosure.

FIG. 11 depicts an illustrative embodiment of a communication device1100. Communication device 1100 can serve in whole or in part as anillustrative embodiment of the devices depicted in FIGS. 1-8 and 10. Forinstance, device 1100 can include a secure element and a secure deviceprocessor in the secure services platform 110. The secure element 108can receive secret information and non-secret information from a securedownload application function, where the secure download applicationfunction is remote from the communication device; and can store thesecret information and the non-secret information in the secure elementmemory. The secure device processor 106 can provide a request for afirst verification to the secure element, the first verification beingassociated with access to content and/or applications that is accessiblevia the secure download application function; receive the firstverification which is generated by the secure element based on thesecret information without providing the secret information to thesecure device processor; receive the non-secret information from thesecure element; and generate a second verification for the access basedon the non-secret information.

To enable these features, communication device 1100 can comprise awireline and/or wireless transceiver 1102 (herein transceiver 1102), auser interface (UI) 1104, a power supply 1114, a location receiver 1116,a motion sensor 1118, an orientation sensor 1120, and a controller 1106for managing operations thereof. The transceiver 1102 can supportshort-range or long-range wireless access technologies such asBluetooth, ZigBee, WiFi, DECT, or cellular communication technologies,just to mention a few. Cellular technologies can include, for example,CDMA-1X, UMTS/HSDPA, GSM/GPRS, TDMA/EDGE, EV/DO, WiMAX, SDR, LTE, NFC,as well as other next generation wireless communication technologies asthey arise. The transceiver 1102 can also be adapted to supportcircuit-switched wireline access technologies (such as PSTN),packet-switched wireline access technologies (such as TCP/IP, VoIP,etc.), and combinations thereof.

The UI 1104 can include a depressible or touch-sensitive keypad 1108with a navigation mechanism such as a roller ball, a joystick, a mouse,or a navigation disk for manipulating operations of the communicationdevice 1100. The keypad 1108 can be an integral part of a housingassembly of the communication device 1100 or an independent deviceoperably coupled thereto by a tethered wireline interface (such as a USBcable) or a wireless interface supporting for example Bluetooth. Thekeypad 1108 can represent a numeric keypad commonly used by phones,and/or a QWERTY keypad with alphanumeric keys. The UI 1104 can furtherinclude a display 1110 such as monochrome or color LCD (Liquid CrystalDisplay), OLED (Organic Light Emitting Diode) or other suitable displaytechnology for conveying images to an end user of the communicationdevice 1100. In an embodiment where the display 1110 is touch-sensitive,a portion or all of the keypad 1108 can be presented by way of thedisplay 1110 with navigation features.

The display 1110 can use touch screen technology to also serve as a userinterface for detecting user input. As a touch screen display, thecommunication device 1100 can be adapted to present a user interfacewith graphical user interface (GUI) elements that can be selected by auser with a touch of a finger. The touch screen display 1110 can beequipped with capacitive, resistive or other forms of sensing technologyto detect how much surface area of a user's finger has been placed on aportion of the touch screen display. This sensing information can beused to control the manipulation of the GUI elements or other functionsof the user interface. The display 1110 can be an integral part of thehousing assembly of the communication device 1100 or an independentdevice communicatively coupled thereto by a tethered wireline interface(such as a cable) or a wireless interface.

The UI 1104 can also include an audio system 1112 that utilizes audiotechnology for conveying low volume audio (such as audio heard inproximity of a human ear) and high volume audio (such as speakerphonefor hands free operation). The audio system 1112 can further include amicrophone for receiving audible signals of an end user. The audiosystem 1112 can also be used for voice recognition applications. The UI1104 can further include an image sensor 1113 such as a charged coupleddevice (CCD) camera for capturing still or moving images.

The power supply 1114 can utilize common power management technologiessuch as replaceable and rechargeable batteries, supply regulationtechnologies, and/or charging system technologies for supplying energyto the components of the communication device 1100 to facilitatelong-range or short-range portable applications. Alternatively, or incombination, the charging system can utilize external power sources suchas DC power supplied over a physical interface such as a USB port orother suitable tethering technologies.

The location receiver 1116 can utilize location technology such as aglobal positioning system (GPS) receiver capable of assisted GPS foridentifying a location of the communication device 1100 based on signalsgenerated by a constellation of GPS satellites, which can be used forfacilitating location services such as navigation. The motion sensor1118 can utilize motion sensing technology such as an accelerometer, agyroscope, or other suitable motion sensing technology to detect motionof the communication device 1100 in three-dimensional space. Theorientation sensor 1120 can utilize orientation sensing technology suchas a magnetometer to detect the orientation of the communication device1100 (north, south, west, and east, as well as combined orientations indegrees, minutes, or other suitable orientation metrics).

The communication device 1100 can use the transceiver 1102 to alsodetermine a proximity to a cellular, WiFi, Bluetooth, or other wirelessaccess points by sensing techniques such as utilizing a received signalstrength indicator (RSSI) and/or signal time of arrival (TOA) or time offlight (TOF) measurements. The controller 1106 can utilize computingtechnologies such as a microprocessor, a digital signal processor (DSP),programmable gate arrays, application specific integrated circuits,and/or a video processor with associated storage memory such as Flash,ROM, RAM, SRAM, DRAM or other storage technologies for executingcomputer instructions, controlling, and processing data supplied by theaforementioned components of the communication device 1100.

Other components not shown in FIG. 11 can be used in one or moreembodiments of the subject disclosure. For instance, the communicationdevice 1100 can include a reset button (not shown). The reset button canbe used to reset the controller 1106 of the communication device 1100.In yet another embodiment, the communication device 1100 can alsoinclude a factory default setting button positioned, for example, belowa small hole in a housing assembly of the communication device 1100 toforce the communication device 1100 to re-establish factory settings. Inthis embodiment, a user can use a protruding object such as a pen orpaper clip tip to reach into the hole and depress the default settingbutton. The communication device 1100 can also include a slot for addingor removing an identity module such as a Subscriber Identity Module(SIM) card which, in some embodiments, can be the secure element orUICC. SIM cards can be used for identifying subscriber services,executing programs, storing subscriber data, and so forth.

The communication device 1100 as described herein can operate with moreor less of the circuit components shown in FIG. 11. These variantembodiments can be used in one or more embodiments of the subjectdisclosure.

The communication device 1100 can be adapted to perform the functions ofthe media processor 1006, the media devices 1008, or the portablecommunication devices 1016 of FIG. 10. It will be appreciated that thecommunication device 1100 can also represent other devices that canoperate in communication system 1000 of FIG. 10, such as a gamingconsole and a media player.

The communication device 1100 shown in FIG. 11 or portions thereof canserve as a representation of one or more of the devices of FIGS. 1-8 and10 including end user devices, customer premises equipment, remotemanagement servers, and/or secure download application function. Inaddition, the controller 1106 can communicate with the secure servicesplatform to perform the functions 1060 or can perform functions 1062 or1064.

Upon reviewing the aforementioned embodiments, it would be evident to anartisan with ordinary skill in the art that said embodiments can bemodified, reduced, or enhanced without departing from the scope of theclaims described below. For example, access to content and/orapplications can be broken down into segments which require multipleverifications by the secure element 108 and SDP 106 as described withrespect to method 900.

Other embodiments can be used in the subject disclosure.

It should be understood that devices described in the exemplaryembodiments can be in communication with each other via various wirelessand/or wired methodologies. The methodologies can be links that aredescribed as coupled, connected and so forth, which can includeunidirectional and/or bidirectional communication over wireless pathsand/or wired paths that utilize one or more of various protocols ormethodologies, where the coupling and/or connection can be direct (e.g.,no intervening processing device) and/or indirect (e.g., an intermediaryprocessing device such as a router).

FIG. 12 depicts an exemplary diagrammatic representation of a machine inthe form of a computer system 1200 within which a set of instructions,when executed, may cause the machine to perform any one or more of themethods described above. One or more instances of the machine canoperate, for example, as the remote management server, the securedownload application function, the secure services platform, and soforth. In some embodiments, the machine may be connected (e.g., using anetwork 1226) to other machines. In a networked deployment, the machinemay operate in the capacity of a server or a client user machine inserver-client user network environment, or as a peer machine in apeer-to-peer (or distributed) network environment.

The machine may comprise a server computer, a client user computer, apersonal computer (PC), a tablet PC, a smart phone, a laptop computer, adesktop computer, a control system, a network router, switch or bridge,or any machine capable of executing a set of instructions (sequential orotherwise) that specify actions to be taken by that machine. It will beunderstood that a communication device of the subject disclosureincludes broadly any electronic device that provides voice, video ordata communication. Further, while a single machine is illustrated, theterm “machine” shall also be taken to include any collection of machinesthat individually or jointly execute a set (or multiple sets) ofinstructions to perform any one or more of the methods discussed herein.

The computer system 1200 may include a processor (or controller) 1202(e.g., a central processing unit (CPU), a graphics processing unit (GPU,or both), a main memory 1204 and a static memory 1206, which communicatewith each other via a bus 1208. The computer system 1200 may furtherinclude a display unit 1210 (e.g., a liquid crystal display (LCD)), aflat panel, or a solid state display. The computer system 1200 mayinclude an input device 1212 (e.g., a keyboard), a cursor control device1214 (e.g., a mouse), a disk drive unit 1216, a signal generation device1218 (e.g., a speaker or remote control) and a network interface device1220. In distributed environments, the embodiments described in thesubject disclosure can be adapted to utilize multiple display units 1210controlled by two or more computer systems 1200. In this configuration,presentations described by the subject disclosure may in part be shownin a first of the display units 1210, while the remaining portion ispresented in a second of the display units 1210.

The disk drive unit 1216 may include a tangible computer-readablestorage medium 1222 on which is stored one or more sets of instructions(e.g., software 1224) embodying any one or more of the methods orfunctions described herein, including those methods illustrated above.The instructions 1224 may also reside, completely or at least partially,within the main memory 1204, the static memory 1206, and/or within theprocessor 1202 during execution thereof by the computer system 1200. Themain memory 1204 and the processor 1202 also may constitute tangiblecomputer-readable storage media.

Dedicated hardware implementations including, but not limited to,application specific integrated circuits, programmable logic arrays andother hardware devices that can likewise be constructed to implement themethods described herein. Application specific integrated circuits andprogrammable logic array can use downloadable instructions for executingstate machines and/or circuit configurations to implement embodiments ofthe subject disclosure. Applications that may include the apparatus andsystems of various embodiments broadly include a variety of electronicand computer systems. Some embodiments implement functions in two ormore specific interconnected hardware modules or devices with relatedcontrol and data signals communicated between and through the modules,or as portions of an application-specific integrated circuit. Thus, theexample system is applicable to software, firmware, and hardwareimplementations.

In accordance with various embodiments of the subject disclosure, theoperations or methods described herein are intended for operation assoftware programs or instructions running on or executed by a computerprocessor or other computing device, and which may include other formsof instructions manifested as a state machine implemented with logiccomponents in an application specific integrated circuit or fieldprogrammable gate array. Furthermore, software implementations (e.g.,software programs, instructions, etc.) including, but not limited to,distributed processing or component/object distributed processing,parallel processing, or virtual machine processing can also beconstructed to implement the methods described herein. It is furthernoted that a computing device such as a processor, a controller, a statemachine or other suitable device for executing instructions to performoperations or methods may perform such operations directly or indirectlyby way of one or more intermediate devices directed by the computingdevice.

While the tangible computer-readable storage medium 1222 is shown in anexample embodiment to be a single medium, the term “tangiblecomputer-readable storage medium” should be taken to include a singlemedium or multiple media (e.g., a centralized or distributed database,and/or associated caches and servers) that store the one or more sets ofinstructions. The term “tangible computer-readable storage medium” shallalso be taken to include any non-transitory medium that is capable ofstoring or encoding a set of instructions for execution by the machineand that cause the machine to perform any one or more of the methods ofthe subject disclosure. The term “non-transitory” as in a non-transitorycomputer-readable storage includes without limitation memories, drives,devices and anything tangible but not a signal per se.

The term “separate” can include a component or device that is logicallyand/or physically separate from another component or device, which caninclude components/devices that operate independently of each otherwhile being in communication with each other. In one or moreembodiments, devices can be separate in that they do not share anycommon component (although such separate devices can be in communicationwith each other such as via an electrode coupling. In one or moreembodiments, devices can be separate in that they each have one or morecomponents that are not shared between each other but have one or morecomponents that may be shared with each other.

The term “tangible computer-readable storage medium” shall accordinglybe taken to include, but not be limited to: solid-state memories such asa memory card or other package that houses one or more read-only(non-volatile) memories, random access memories, or other re-writable(volatile) memories, a magneto-optical or optical medium such as a diskor tape, or other tangible media which can be used to store information.Accordingly, the disclosure is considered to include any one or more ofa tangible computer-readable storage medium, as listed herein andincluding art-recognized equivalents and successor media, in which thesoftware implementations herein are stored.

Although the present specification describes components and functionsimplemented in the embodiments with reference to particular standardsand protocols, the disclosure is not limited to such standards andprotocols. Each of the standards for Internet and other packet switchednetwork transmission (e.g., TCP/IP, UDP/IP, HTML, HTTP, NFC) representexamples of the state of the art. Such standards are from time-to-timesuperseded by faster or more efficient equivalents having essentiallythe same functions. Wireless standards for device detection (e.g.,RFID), short-range communications (e.g., Bluetooth, WiFi, Zigbee, NFC),and long-range communications (e.g., WiMAX, GSM, CDMA, LTE) can be usedby computer system 1200.

The illustrations of embodiments described herein are intended toprovide a general understanding of the structure of various embodiments,and they are not intended to serve as a complete description of all theelements and features of apparatus and systems that might make use ofthe structures described herein. Many other embodiments will be apparentto those of skill in the art upon reviewing the above description. Theexemplary embodiments can include combinations of features and/or stepsfrom multiple embodiments. Other embodiments may be utilized and derivedtherefrom, such that structural and logical substitutions and changesmay be made without departing from the scope of this disclosure. Figuresare also merely representational and may not be drawn to scale. Certainproportions thereof may be exaggerated, while others may be minimized.Accordingly, the specification and drawings are to be regarded in anillustrative rather than a restrictive sense.

Although specific embodiments have been illustrated and describedherein, it should be appreciated that any arrangement calculated toachieve the same purpose may be substituted for the specific embodimentsshown. This disclosure is intended to cover any and all adaptations orvariations of various embodiments. Combinations of the aboveembodiments, and other embodiments not specifically described herein,can be used in the subject disclosure. In one or more embodiments,features that are positively recited can also be excluded from theembodiment with or without replacement by another component or step. Thesteps or functions described with respect to the exemplary processes ormethods can be performed in any order. The steps or functions describedwith respect to the exemplary processes or methods can be performedalone or in combination with other steps or functions (from otherembodiments or from other steps that have not been described). Less thanall of the steps or functions described with respect to the exemplaryprocesses or methods can also be performed in one or more of theexemplary embodiments. Further, the use of numerical terms to describe adevice, component, step or function, such as first, second, third, andso forth, is not intended to describe an order or function unlessexpressly stated so. The use of the terms first, second, third and soforth, is generally to distinguish between devices, components, steps orfunctions unless expressly stated otherwise. Additionally, one or moredevices or components described with respect to the exemplaryembodiments can facilitate one or more steps or functions, where thefacilitating (e.g., facilitating access or facilitating establishing aconnection) can include less than all of the steps needed to perform thefunction or can include all of the steps of the function.

The Abstract of the Disclosure is provided with the understanding thatit will not be used to interpret or limit the scope or meaning of theclaims. In addition, in the foregoing Detailed Description, it can beseen that various features are grouped together in a single embodimentfor the purpose of streamlining the disclosure. This method ofdisclosure is not to be interpreted as reflecting an intention that theclaimed embodiments require more features than are expressly recited ineach claim. Rather, as the following claims reflect, inventive subjectmatter lies in less than all features of a single disclosed embodiment.Thus the following claims are hereby incorporated into the DetailedDescription, with each claim standing on its own as a separately claimedsubject matter.

What is claimed is:
 1. A communication device, comprising: a secureelement having a secure element memory; and a secure device processorhaving a secure device processor memory with executable instructions,wherein the secure device processor is separate from the secure elementand in communication with the secure element, wherein the secure deviceprocessor, responsive to executing the executable instructions,facilitates performance of operations, the operations comprising:receiving a first verification which is generated by the secure elementbased on secret information that is stored in the secure element memorywithout the secure element providing the secret information to thesecure device processor, wherein the secure device processor does nothave access to the secret information and wherein the first verificationis associated with access to content that is sourced via a sourceserver; generating a second verification for the access to the contentbased on non-secret information, wherein the content is accessed fromthe source server based on the first verification and the secondverification; generating consumption information by monitoring theaccess to the content; providing the consumption information associatedwith the access to the content to the secure element, the consumptioninformation indicating that the content has been presented by thecommunication device; receiving access instructions from the secureelement responsive to the consumption information; and preventing thecommunication device from further accessing the content according to theaccess instructions.
 2. The communication device of claim 1, wherein theoperations further comprise: receiving user input requesting contentbrowsing access, wherein the user input includes user credentials;providing the user credentials to the secure element; receiving browsingaccess credentials from the secure element responsive to anauthentication of the user credentials by the secure element; andfacilitating establishing a browsing channel responsive to the browsingaccess credentials, wherein the browsing channel enables browsing agroup of content.
 3. The communication device of claim 2, wherein thebrowsing channel is established between the communication device and asecure download application function and wherein the browsing channelenables browsing the group of content via the secure downloadapplication function.
 4. The communication device of claim 1, wherein:the secret information and the non-secret information are obtained bythe secure element from a remote management server; the secretinformation comprises an authentication credential; and the non-secretinformation comprises a distribution rule associated with digital rightsmanagement for the content.
 5. The communication device of claim 1,wherein the content is received from a secure download applicationfunction responsive to the first verification and the secondverification, wherein the secure element comprises a universalintegrated circuit card, wherein the secret information and thenon-secret information are obtained by the secure element from thesecure download application function via a remote management server,wherein a download path of the content from the secure downloadapplication function does not include the remote management server, andwherein the remote management server is remote from the communicationdevice and the secure download application function.
 6. Thecommunication device of claim 1, further comprising a device processorthat is separate from the secure element and the secure deviceprocessor; wherein the device processor facilitates wirelesscommunications between the communication device and the source server;wherein the operations further comprise receiving from the secureelement the non-secret information that is stored in the secure elementmemory; and wherein the content is accessed from the source server bythe device processor based on the first verification and the secondverification.
 7. The communication device of claim 1, wherein the secretinformation includes a decryption key for content presentation and anauthentication credential, and wherein the non-secret informationincludes a user identification, a device identification, digital rightsmanagement data, and a validity time period.
 8. The communication deviceof claim 1, wherein the secret information and the non-secretinformation are obtained by the secure element via a remote managementserver, and wherein keysets are utilized for mutual authentication ofthe secure element and the secure device processor with the remotemanagement server.
 9. The communication device of claim 1, wherein thecontent is stored at the communication device, and wherein theoperations further comprise: receiving update information from a securedownload application function via a remote management server, whereinthe update information is received prior to the content having beenpresented by the communication device; and adjusting the secretinformation and the non-secret information based on the updateinformation.
 10. The communication device of claim 1, wherein theoperations further comprise providing a request for the firstverification to the secure element.
 11. A method, comprising: receiving,by a secure device processor of a communication device, a firstverification which is generated by a secure element of the communicationdevice, wherein the first verification is generated by the secureelement based on secret information that is stored in a secure elementmemory of the secure element, wherein the first verification isgenerated by the secure element without the secure element providing thesecret information to the secure device processor, wherein the securedevice processor does not have access to the secret information, whereinthe secure device processor is separate from the secure element and isin communication with the secure element, and wherein the firstverification is associated with access to an application that is sourcedvia a secure download application function; generating, by the securedevice processor, a second verification for the access to theapplication based on non-secret information, wherein the application isaccessed by the communication device responsive to the firstverification and the second verification; generating, by the securedevice processor, consumption information by monitoring the access tothe application; providing, by the secure device processor, theconsumption information associated with the access to the application tothe secure download application function, the consumption informationindicating that the application has been executed by the communicationdevice; receiving, by the secure device processor, access instructionsfrom the secure download application function responsive to theconsumption information; preventing, by the secure device processor, thecommunication device from further accessing the application according tothe access instructions; and facilitating establishing a browsingchannel between the communication device and the secure downloadapplication function responsive to browsing access credentials, whereinthe browsing channel enables browsing a group of applications accessiblevia the secure download application function.
 12. The method of claim11, further comprising: providing, by the secure device processor, arequest for the first verification to the secure element; and receiving,by the secure device processor, the non-secret information, wherein thenon-secret information is stored in the secure element memory of thesecure element, and wherein the non-secret information is received bythe secure device processor from the secure element; wherein a deviceprocessor of the communication device facilitates wirelesscommunications for the communication device, and wherein the deviceprocessor is separate from the secure element and the secure deviceprocessor.
 13. The method of claim 11, further comprising: receiving, bythe communication device, user input requesting browsing access, whereinthe user input includes user credentials; providing, within thecommunication device, the user credentials to the secure element; andreceiving, within the communication device, the browsing accesscredentials from the secure element responsive to an authentication ofthe user credentials by the secure element.
 14. The method of claim 11,wherein the secret information and the non-secret information areobtained by the secure element via a remote management server, whereinkeysets are utilized for mutual authentication of the secure element andthe secure device processor with the remote management server andwherein the method further comprises: receiving, within thecommunication device, update information from the secure downloadapplication function via the remote management server; and adjusting,within the communication device, the secret information and thenon-secret information based on the update information.
 15. The methodof claim 11, further comprising facilitating, by a device processor ofthe communication device, wireless communications between thecommunication device and the secure download application function,wherein the device processor is in communication with the secure deviceprocessor, wherein the secret information includes a decryption key forapplication execution and an authentication credential, wherein thenon-secret information includes a user identification, a deviceidentification, digital rights management data, and a validity timeperiod, and wherein the application is stored in a storage device of thecommunication device.
 16. The method of claim 11, further comprising:requesting, by the secure device processor, a decryption key from thesecure element; receiving, by the secure device processor, thedecryption key; performing, by the secure device processor, a decryptionof the application using the decryption key; and enabling, by the securedevice processor, execution of the application at the communicationdevice responsive to the decryption.
 17. A method, comprising: storingby a communication device, which comprises a secure element having asecure element memory and a secure device processor, secret information,wherein the secret information is stored by the communication device inthe secure element memory, wherein the secret information is storedafter being received from a secure download application function,wherein the secure download application function is remote from thecommunication device, and wherein the secure device processor isseparate from the secure element; generating, within the communicationdevice, a first verification by the secure element, wherein the firstverification is associated with access to content that is sourced viathe secure download application function, wherein the first verificationis based on the secret information without the secure element providingthe secret information to the secure device processor, and wherein thesecure device processor does not have access to the secret information;generating, within the communication device, a second verification forthe access to the content based on non-secret information; generating,within the communication device, consumption information by monitoringthe access to the content; providing, by the communication device, theconsumption information associated with the access to the content to thesecure download application function, the consumption informationindicating that the content has been presented by the communicationdevice; receiving by the communication device, responsive to theconsumption information, access instructions from the secure downloadapplication function; and preventing, within the communication device,further access to the content according to the access instructions;wherein the content includes file permissions, and wherein the contenthaving been presented by the communication device is according to thefile permissions.
 18. The method of claim 17, further comprising:storing, by the communication device, the non-secret information,wherein the non-secret information is stored by the communication devicein the secure element memory, and wherein the secret information and thenon-secret information are stored after being received from the securedownload application function; and obtaining, within the communicationdevice, the non-secret information from the secure element; wherein thecommunication device includes a device processor that is separate fromthe secure element and the secure device processor.
 19. The method ofclaim 17, wherein the secret information includes a decryption key forcontent presentation, wherein the non-secret information includes devicepermissions, and wherein the content having been presented by thecommunication device is according to the device permissions.
 20. Themethod of claim 17, wherein the secret information comprises anauthentication credential and wherein the non-secret informationcomprises a distribution rule associated with digital rights managementfor the content.